OAuth

Summary
OAuth 2 in Action teaches you the practical use and deployment of this HTTP-based protocol from the perspectives of a client, authorization server, and resource server. You'll learn how to confidently and securely build and deploy OAuth on both the client and server sides. Foreword by Ian Glazer.
Purchase of the print book includes a free eBook in PDF, Kindle, and ePub formats from Manning Publications.
About the Technology
Think of OAuth 2 as the web version of a valet key. It is an HTTP-based security protocol that allows users of a service to enable applications to use that service on their behalf without handing over full control. And OAuth is used everywhere, from Facebook and Google, to startups and cloud services.
About the Book
OAuth 2 in Action teaches you practical use and deployment of OAuth 2 from the perspectives of a client, an authorization server, and a resource server. You'll begin with an overview of OAuth and its components and interactions. Next, you'll get hands-on and build an OAuth client, an authorization server, and a protected resource. Then you'll dig into tokens, dynamic client registration, and more advanced topics. By the end, you'll be able to confidently and securely build and deploy OAuth on both the client and server sides.
What's Inside
* Covers OAuth 2 protocol and design
* Authorization with OAuth 2
* OpenID Connect and User-Managed Access
* Implementation risks
* JOSE, introspection, revocation, and registration
* Protecting and accessing REST APIs
About the Reader
Readers need basic programming skills and knowledge of HTTP and JSON.
About the Author
Justin Richer is a systems architect and software engineer. Antonio Sanso is a security software engineer and a security researcher. Both authors contribute to open standards and open source.
Table of Contents
1. Part 1 - First steps
2. What is OAuth 2.0 and why should you care?
3. The OAuth dance
4. Part 2 - Building an OAuth 2 environment
5. Building a simple OAuth client
6. Building a simple OAuth protected resource
7. Building a simple OAuth authorization server
8. OAuth 2.0 in the real world
9. Part 3 - OAuth 2 implementation and vulnerabilities
10. Common client vulnerabilities
11. Common protected resources vulnerabilities
12. Common authorization server vulnerabilities
13. Common OAuth token vulnerabilities
14. Part 4 - Taking OAuth further
15. OAuth tokens
16. Dynamic client registration
17. User authentication with OAuth 2.0
18. Protocols and profiles using OAuth 2.0
19. Beyond bearer tokens
20. Summary and conclusions

Harness the power of Magento 2 – The most recent version of the world's favourite e-Commerce platform for your online store
ABOUT THIS BOOK
* Set up, configure, and power up your Magento environment from development to production
* Master the use of Web API to communicate with the Magento system and create custom services
* Create custom modules from scratch to extend the core functionality of the Magento system
WHO THIS BOOK IS FOR
This book is intended primarily for intermediate to professional-level PHP developers who are interested in Magento development. For backend developers, several topics are covered that will enable you to modify and extend your Magento 2 store. Frontend developers will also find some coverage on how to customize the look of the site in the frontend.
WHAT YOU WILL LEARN
* Set up the development and production environment of Magento 2
* Understand the new major concepts and conventions used in Magento 2
* Build a miniature yet fully-functional module from scratch to manage your e-commerce platform efficiently
* Write models and collections to manage and search your entity data
* Dive into backend development such as creating events, observers, cron jobs, logging, profiling, and messaging features
* Get to the core of frontend development such as blocks, templates, layouts, and the themes of Magento 2
* Use token, session, and OAuth token-based authentication via various flavors of API calls, as well as creating your own APIs
* Get to grips with testing Magento modules and custom themes, which forms an integral part of development
IN DETAIL
Magento is one of the most exciting, flexible, and customizable e-commerce systems. It offers you an extensive suite of powerful tools for creating and managing an online store. After years of development, Magento 2 introduces itself with a strong emphasis on modularity, Web APIs, automated testing, and an overall new technology stack. The long-awaited Magento 2 release introduces a whole new e-commerce platform to develop online stores. The all-new Magento 2 architecture, Web APIs, and a host of other features are as challenging to master as they are exciting to use.
This book will ease the learning curve by offering step-by-step guidance on how to extend the core functionality of your Magento 2 store.
This book is your one-stop guide to build and customize a quality e-commerce website from the latest version of one of the largest, fastest growing, and most popular e-commerce platforms—Magento 2.
We start off with an introduction to the fundamental concepts of Magento to give you a foundation to work from. We then move on to configure the development and basic production environment for Magento. After this, you'll get to grips with the major concepts and conventions that are new to the Magento 2 platform. We then delve deeper to get to the core of automated deployments, persisting data, writing data fixture scripts and applying various backend and frontend modifications. As we near the end of the book, you will learn to make API calls and write automated tests. Finally, you will be guided through building a full-blown helpdesk module from scratch.
By the end of this book, you will have learned a wide range of techniques to extend and customize your Magento 2 store to fit the requirements of your business.
STYLE AND APPROACH
This book is a mix of theoretical and step-by-step approaches, explained in a conversational and easy-to-follow style. Topics are explained sequentially, giving detailed explanations of the basic and advanced features to get you working on Magento 2.

OAuth 2.0 has become the most widely used authorization framework. It provides an easy-to-use sign-in mechanism and allows users to quickly and efficiently secure service APIs. It also provides a protection layer for assets so that various third-party applications cannot have direct access to them. From service providers like Amazon and social media platforms like Facebook and Twitter to various internal enterprise solutions, OAuth 2.0 is the preferred standard for authorization.
OAuth 2.0 Identity and Access Management Patterns is a step-by-step guide to build web, client-side, desktop, and server-side secure OAuth 2.0 client applications by utilizing the appropriate authorization techniques. This book will help you handle and implement various authorization flows for your chosen type of application. Furthermore, you will understand when and how OAuth 2.0 is used in enterprises for trusted and first-party applications. You will gain knowledge about the Resource Owner Password Credentials grant and the Client Credentials grant, and more importantly, you will understand how to implement them yourself with the help of practical code examples.
You will start by making various client applications step-by-step before moving on to client registration and implementing various OAuth 2.0 authorization flows. Furthermore, you will also be handling server responses with access tokens and errors. By the end of this book, you should understand precisely what it takes for these client applications to be secured.
This book helps you cover each type of application: web, client-side, desktop, and trusted applications. In addition, you are also shown how to implement various authorization grant flows for each of these applications. You will uncover the security features that are a part of OAuth 2.0. More importantly, the book demonstrates what information is transmitted during the execution of a flow, and which precautions can be taken. With OAuth 2.0 Identity and Access Management Patterns, you will be able to build a secure OAuth 2.0 client application with full confidence and will completely understand what data is exchanged when performing an authorization grant flow.

Overview
* Create powerful web applications by leveraging the power of this Model-View-Controller-based framework
* Learn by doing; create a social network from design to deployment
* Written in a framework and the API-centric approach to simplify the process of learning
In Detail
Zend Framework 2 has a flexible architecture that lets us build modern web applications and web services easily. It also provides an easy-to-use, high quality component library that is designed to be used the way you want.
It's easy to get started and produce a powerful and professional looking website with Zend Framework 2 Application Development. Exploring real life applications, we will explore the Zend Framework 2 components, as well as throwing some light on best practices and design concerns faced when building complex MVC applications.
Zend Framework 2 Application Development is a hands-on guide to building your application.
We will explore the components of this new version of the framework and discover how to use each component, the options available, and how to get the most from each component. Whilst learning everything you need to know, we’ll even create our own social network.
We will also learn to engineer an application using an API-centric approach, broadly used today to build applications that work seamlessly on desktops, mobiles and tablets. We will learn how to filter and validate data, interact with databases to retrieve and store data, handle and manipulate file uploads, interact with other websites, deal with spam, and also protect your APIs using OAuth authentication whilst allowing people from all over the world to interact with your application.
Zend Framework 2 Application Development is your guide to everything you need to know to build applications of any size for big and small companies alike, whilst using the right components for the job.
What you will learn from this book
* Get to grips with the features of Zend Framework 2’s MVC architecture
* Filter and validate data no matter what the content is
* Handle and manage file uploads
* Gather content from other websites
* Fight spam with services such as Akismet
* Pull content from RSS feeds
* Quickly build forms such as login, register, and so on.
* Protect your API layer by using authentication protocols such as OAuth
* Manage database operations
* Build web services using the latest controller types
Approach
Every concept is put into practice with clear, step-by-step instructions and a hands-on approach. Forget about hundreds of pages full of theory; learn everything by example with Zend Framework 2 Application Development.
Who this book is written for
Written for PHP developers who want to get started with Zend Framework 2. Whether you are learning Zend Framework from scratch or looking to sharpen up your skills from previous versions, Zend Framework 2 Application Development will help you to harness the power of Zend to produce better and more powerful applications. Basic knowledge of object-oriented design will be helpful.